AVX2 instruction set optimizations for Intel and AMD processors in Linux 5.7's Netfilter framework promise large performance improvements of over 5x.
According to Phoronix, the AVX2 support “works out well for optimizing the packet lookup routines of the Netfilter Pile Packet Policies”. In a benchmark test, packets were injected on the ingress device path. The AMD EPYC 7402 (Rome) server was significantly faster, with improvements ranging “from +26% to +420% with many of the tests being above the +100% range”.
The AVX2 implementation will be included in Linux 5.7. Red Hat is also looking to bring an Arm Neon version.
Netfilter is described as "a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack".